PHP Programmers SPAM Me!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • SinSational
    Confirmed User
    • Oct 2004
    • 1723

    #1

    PHP Programmers SPAM Me!

    i have a customer that has some php code written but it is pretty sloppy. basically it uses a mysql db to authenticate a username and password. if the username and password are in the DB then it takes them to the members are (which is in a frame) and if not then it takes them to an error page. some people are having trouble getting to the frame and bounces them back to the login screen. Norton Internet Securities privacy feature has been one of the problems (when turning it off people can get in fine), and Mac user's are having trouble with the frames.

    basically they are looking for the code to be altered without using frames to get to the members area, but at the same time it has to be protected.

    if you know of how to possibly solve this and can do the work, then please email me at chris (a.t.) atcihosting (d.o.t) com with what you think may work and your cost. i can also give you some more details to how it works. please do not icq me because it is too hard to keep track of who quoted me what price etc.

    thanks

    ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
    Virtual from $14.95/month, Dedicated from $149.95/month
    Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95
  • juicylinks
    So Fucking Banned
    • Apr 2001
    • 122992

    #2

    Comment

    • SinSational
      Confirmed User
      • Oct 2004
      • 1723

      #3
      i heard juicy knew everything.....i didn't think php though.

      ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
      Virtual from $14.95/month, Dedicated from $149.95/month
      Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

      Comment

      • pornpf69
        Too lazy to set a custom title
        • Jun 2004
        • 15782

        #4
        ...if I were not on 2 other projects I would hit you up....

        Comment

        • Jennie
          Confirmed User
          • Mar 2004
          • 2018

          #5
          Hit me up !!!

          Thanks..

          xxxoutsourcing.com
          ICQ:119936 - Aim:xxxoutsourcing - US Toll FREE: 1-866-978-1048

          Comment

          • foxylady
            Confirmed User
            • Oct 2004
            • 1829

            #6
            mail sent, you could check your mail now.

            thanks

            Comment

            • raymor
              Confirmed User
              • Oct 2002
              • 3745

              #7
              Strongbox, next generation security system,
              can authenticate against a MySQL database.
              After 5 years of development, Strongbox is going
              to be much more robust and effective then anything
              a PHP scripter is going to whip out for you this week.
              For historical display only. This information is not current:
              support@bettercgi.com ICQ 7208627
              Strongbox - The next generation in site security
              Throttlebox - The next generation in bandwidth control
              Clonebox - Backup and disaster recovery on steroids

              Comment

              • s9ann0
                Confirmed User
                • Sep 2001
                • 4873

                #8
                three words for you:

                mod auth mysql

                Comment

                • seven
                  Confirmed User
                  • Apr 2002
                  • 2697

                  #9
                  Originally posted by raymor
                  Strongbox, next generation security system,
                  can authenticate against a MySQL database.
                  After 5 years of development, Strongbox is going
                  to be much more robust and effective then anything
                  a PHP scripter is going to whip out for you this week.
                  Exactly what I was thinking, why not get a real pass script?

                  Got strongbox yesterday on 1 site, like it already getting ready to have it on a 2nd site
                  Toy Rev
                  Rouge Web Design

                  Comment

                  • SinSational
                    Confirmed User
                    • Oct 2004
                    • 1723

                    #10
                    Originally posted by raymor
                    Strongbox, next generation security system,
                    can authenticate against a MySQL database.
                    After 5 years of development, Strongbox is going
                    to be much more robust and effective then anything
                    a PHP scripter is going to whip out for you this week.
                    looks good, but can it be integrated with a PIN system? the current set up works like this:
                    people redeem a PIN # and create a user/pass at this time.
                    the user/pass is datestamped and allows unlimited access for 1, 10, 30 days etc.
                    when they redeem the PIN the above info is inserted in to the table.
                    the fields in the table are pin, username, password, days valid, pin reedeem date, pin expire date.
                    every time they go to login, the user/pass is validated against the table. if it is still valid it takes them to the members area page, if not it takes them to an error page and deletes the expired record from the table

                    ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
                    Virtual from $14.95/month, Dedicated from $149.95/month
                    Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

                    Comment

                    • s9ann0
                      Confirmed User
                      • Sep 2001
                      • 4873

                      #11
                      Originally posted by SinSational
                      looks good, but can it be integrated with a PIN system? the current set up works like this:
                      people redeem a PIN # and create a user/pass at this time.
                      the user/pass is datestamped and allows unlimited access for 1, 10, 30 days etc.
                      when they redeem the PIN the above info is inserted in to the table.
                      the fields in the table are pin, username, password, days valid, pin reedeem date, pin expire date.
                      every time they go to login, the user/pass is validated against the table. if it is still valid it takes them to the members area page, if not it takes them to an error page and deletes the expired record from the table

                      why not use mod auth mysql and use basic auth (some might call this.htaccess password) and have a perl script or something on a crontab run daily to cancel users that expired

                      it would take like an hour to setup

                      Comment

                      • Varius
                        Confirmed User
                        • Jun 2004
                        • 6890

                        #12
                        First, make your pages you want protected include a .inc that does the following:

                        PHP Code:
                        if (!isset($_SERVER['PHP_AUTH_USER'])) {
                            $page = $PHP_SELF;
                            header("Location: /login.php?URL=".$page);
                            exit();
                        } 
                        
                        Then have the page login.php do this:

                        PHP Code:
                        if (!isset($_SERVER['PHP_AUTH_USER'])) {
                            authenticate();
                        }
                        else {
                           $sock = -open your db connection-
                        
                            $sql = "SELECT    id
                                    FROM      users_table
                                    WHERE     username='".$_SERVER['PHP_AUTH_USER']."'
                                    AND       password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')";
                            $res = mysql_query($sql,$sock);
                            if(mysql_numrows($res)hahahaha0) {
                                authenticate();
                            }
                            else {
                                header("Location: ".$URL);
                                exit();
                            }
                        }
                        
                        function authenticate() {
                            header("WWW-Authenticate: Basic realm=\"Member's Area\"");
                            header("HTTP/1.0 401 Unauthorized");
                            header("Location: [url]http://whatever.com/error.page[/url]");
                            exit;
                        } 
                        
                        What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access.

                        If they get it wrong few times, they will be redirected to your error page.

                        Fast, easy, no frames or modules needed.

                        Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that....

                        Enjoy
                        Skype variuscr - Email varius AT gmail

                        Comment

                        • pornpf69
                          Too lazy to set a custom title
                          • Jun 2004
                          • 15782

                          #13
                          Originally posted by Varius
                          First, make your pages you want protected include a .inc that does the following:

                          PHP Code:
                          if (!isset($_SERVER['PHP_AUTH_USER'])) {
                              $page = $PHP_SELF;
                              header("Location: /login.php?URL=".$page);
                              exit();
                          } 
                          
                          Then have the page login.php do this:

                          PHP Code:
                          if (!isset($_SERVER['PHP_AUTH_USER'])) {
                              authenticate();
                          }
                          else {
                             $sock = -open your db connection-
                          
                              $sql = "SELECT    id
                                      FROM      users_table
                                      WHERE     username='".$_SERVER['PHP_AUTH_USER']."'
                                      AND       password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')";
                              $res = mysql_query($sql,$sock);
                              if(mysql_numrows($res)hahahaha0) {
                                  authenticate();
                              }
                              else {
                                  header("Location: ".$URL);
                                  exit();
                              }
                          }
                          
                          function authenticate() {
                              header("WWW-Authenticate: Basic realm=\"Member's Area\"");
                              header("HTTP/1.0 401 Unauthorized");
                              header("Location: [url]http://whatever.com/error.page[/url]");
                              exit;
                          } 
                          
                          What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access.

                          If they get it wrong few times, they will be redirected to your error page.

                          Fast, easy, no frames or modules needed.

                          Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that....

                          Enjoy
                          this wont work as you have forgot to open the '{' after the if and after the else....

                          Comment

                          • aSStig
                            Confirmed User
                            • Apr 2004
                            • 1102

                            #14
                            we could help you on that . . . .

                            sent an email, do check it out . . .
                            PAYMENT SOLUTIONS
                            http://www.firstdata.com

                            Comment

                            • Varius
                              Confirmed User
                              • Jun 2004
                              • 6890

                              #15
                              Originally posted by pornpf69
                              this wont work as you have forgot to open the '{' after the if and after the else....
                              Where?

                              I put the open squiggly bracket in there its just it seems to get replaced by haha123 and the double = sign gets replaced by hahahaha
                              Skype variuscr - Email varius AT gmail

                              Comment

                              • Varius
                                Confirmed User
                                • Jun 2004
                                • 6890

                                #16
                                Originally posted by Varius
                                Where?

                                I put the open squiggly bracket in there its just it seems to get replaced by haha123 and the double = sign gets replaced by hahahaha
                                also damn board automatically parse the url (cuz i forgot to uncheck that box) in my header() and stuck a href tags on it...which shouldnt be there
                                Skype variuscr - Email varius AT gmail

                                Comment

                                • SinSational
                                  Confirmed User
                                  • Oct 2004
                                  • 1723

                                  #17
                                  thanks varius, i'll have to look in to this a bit more.

                                  ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
                                  Virtual from $14.95/month, Dedicated from $149.95/month
                                  Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

                                  Comment

                                  Working...